Re: [OpenSSL 1.1.1l] Hi Team, my SSL/TLS server crashed with the attached call stack. Your advice will be highly appreciated.
On Thu, Feb 10, 2022 at 11:48:06PM +, Ma Zhenhua wrote: > Hi Team, > > My SSL/TLS server crashed with the following call stack. > I'm using OpenSSL 1.1.1l. I compared 1.1.1l with 1.1.1 master branch and > didn't find related fixes in crypto/asn1. > Your advice will be highly appreciated. You need to run your code under valgrind, and see where the heap is being corrupted. Most likely your application code freed something it did not own, or double-freed something it did own. -- VIktor.
[OpenSSL 1.1.1l] Hi Team, my SSL/TLS server crashed with the attached call stack. Your advice will be highly appreciated.
Hi Team, My SSL/TLS server crashed with the following call stack. I'm using OpenSSL 1.1.1l. I compared 1.1.1l with 1.1.1 master branch and didn't find related fixes in crypto/asn1. Your advice will be highly appreciated. (gdb) 0 0x7f4cf7844ce6 in ASN1_OBJECT_free () from /lib/libcrypto.so.1.1 1 0x7f4cf7859468 in asn1_primitive_free () from /lib/libcrypto.so.1.1 002 0x7f4cf7859890 in asn1_template_free () from /lib/libcrypto.so.1.1 3 0x7f4cf78596e6 in asn1_item_embed_free () from /lib/libcrypto.so.1.1 4 0x7f4cf7859852 in asn1_template_free () from /lib/libcrypto.so.1.1 5 0x7f4cf78596e6 in asn1_item_embed_free () from /lib/libcrypto.so.1.1 6 0x7f4cf7859890 in asn1_template_free () from /lib/libcrypto.so.1.1 7 0x7f4cf78596e6 in asn1_item_embed_free () from /lib/libcrypto.so.1.1 8 0x7f4cf78597d5 in ASN1_item_free () from /lib/libcrypto.so.1.1 9 0x7f4cf5e5563c in ssl_cert_clear_certs () from /lib/libssl.so.1.1 10 0x7f4cf5e556d5 in ssl_cert_free () from /lib/libssl.so.1.1 11 0x7f4cf5e6068c in SSL_CTX_free () from /lib/libssl.so.1.1 Thanks, Allen
RE: Hi team, I modified openssl code and make test failed. What should I do with the failed cases. Thx in advance.
The README file in the test directory contains some hints how to troubleshoot test failures. Look which test is failing and rerun it in verbose mode: make tests V=1 TESTS=testname https://github.com/openssl/openssl/blob/master/test/README.md#test-failures Hope that helps, Matthias From: openssl-users On Behalf Of Ma Zhenhua Sent: Saturday, August 14, 2021 1:57 AM To: openssl-users@openssl.org Subject: Hi team, I modified openssl code and make test failed. What should I do with the failed cases. Thx in advance. Hi team, I modified openssl code and make test failed. What should I do with the failed cases. Thx in advance. Best regards, Allen smime.p7s Description: S/MIME cryptographic signature
Re: Hi team, I modified openssl code and make test failed. What should I do with the failed cases. Thx in advance.
I suggest working out why they failed and getting them working again. You've broken something with your modifications, you need to understand what's broken and why before continuing. Paul Dale On 14/8/21 9:56 am, Ma Zhenhua wrote: Hi team, I modified openssl code and make test failed. What should I do with the failed cases. Thx in advance. Best regards, Allen
Hi team, I modified openssl code and make test failed. What should I do with the failed cases. Thx in advance.
Hi team, I modified openssl code and make test failed. What should I do with the failed cases. Thx in advance. Best regards, Allen
Hi
Hi, I cross compiled OpenSSL for android with the FIPS compliant part, i get error 2D06B06F on FIPS_mode_set()
I'm using the libcrypo.a and libssl.a static libraries in a JNI shared library (*.so). runtime log prints: OPENSSL_VERSION_TEXT OpenSSL 1.0.1h-fips 5 Jun 2014 SSLeay_version(SSLEAY_CFLAGS) arm-linux-androideabi-gcc --sysroot=/Users/orbarak/android-ndk-r9d/platforms/android-14/arch-arm -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -march=armv7-a -mandroid -I/Users/orbarak/android-ndk-r9d/platforms//arch-arm/usr/include -B/Users/orbarak/android-ndk-r9d/platforms//arch-arm/usr/lib -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -I/usr/local/ssl/android-14/fips-2.0//include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM SSLeay_version(SSLEAY_PLATFORM) SSLeay platform: android-armv7 Sources used: FIPS: openssl-fips-2.0.3-pl2 (purchased by the company i work in) OpenSSL: openssl-1.0.1h (from the web) Compiled on: MacOSX 10.9 I was wondering what might cause this error and what further investigation/steps i need to take in order to resolve this issue. thanks, Or Barak
Re: Hi, I cross compiled OpenSSL for android with the FIPS compliant part, i get error 2D06B06F on FIPS_mode_set()
Create the FIPS library from the openssl-fips package, then build a release openssl package with the FIPS library you built. You appear to not be building the release package, but I could be wrong. You shouldn't ever use the .a files from the openssl-fips package directly. -Kyle H On September 2, 2014 2:22:16 AM PST, Or Barak tur...@gmail.com wrote: I'm using the libcrypo.a and libssl.a static libraries in a JNI shared library (*.so). runtime log prints: OPENSSL_VERSION_TEXT OpenSSL 1.0.1h-fips 5 Jun 2014 SSLeay_version(SSLEAY_CFLAGS) arm-linux-androideabi-gcc --sysroot=/Users/orbarak/android-ndk-r9d/platforms/android-14/arch-arm -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -march=armv7-a -mandroid -I/Users/orbarak/android-ndk-r9d/platforms//arch-arm/usr/include -B/Users/orbarak/android-ndk-r9d/platforms//arch-arm/usr/lib -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -I/usr/local/ssl/android-14/fips-2.0//include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM SSLeay_version(SSLEAY_PLATFORM) SSLeay platform: android-armv7 Sources used: FIPS: openssl-fips-2.0.3-pl2 (purchased by the company i work in) OpenSSL: openssl-1.0.1h (from the web) Compiled on: MacOSX 10.9 I was wondering what might cause this error and what further investigation/steps i need to take in order to resolve this issue. thanks, Or Barak -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: Hi, I need help with initialization of OpenSSL
I forgot to state the version of OpenSSL I'm using. It's 1.0.1e On Thu, Oct 10, 2013 at 6:50 PM, Angelin Lalev lalev.ange...@gmail.com wrote: Greetings, I could use some help. I'm getting segmentation fault from this code: /* Init the openssl library */ SSL_load_error_strings(); SSL_library_init(); ctx=SSL_CTX_new(SSLv3_client_method()); The backtrace looks like this: Program received signal SIGSEGV, Segmentation fault. 0x0086d1fc in read () (gdb) backtrace #0 0x0086d1fc in read () #1 0x004eb3fe in RAND_poll () at rand_unix.c:347 #2 0x004eabed in ssleay_rand_bytes (buf=0x88ed00 , num=16, pseudo=1) at md_rand.c:394 #3 0x004eb0b0 in ssleay_rand_pseudo_bytes (buf=0x88ed00 , num=16) at md_rand.c:543 #4 0x0045d352 in RAND_pseudo_bytes (buf=0x88ed00 , num=16) at rand_lib.c:172 #5 0x00424163 in SSL_CTX_new (meth=0x5c4200) at ssl_lib.c:1808 #6 0x00402ca2 in main (argc=1, argv=0x7fffe718) at fing.c:253 My system is Ubuntu Server LTS 12.10 and it's currently installed in a VirtualBox virtual machine. I'm not at all proficient in C, even more in Linux development and I cannot by myself determine what I did to break things. Up to one moment, the program was working, at the next recompilation/reboot it just stopped :-) I do a binary which will be located on initramfs system, so it is statically compiled. OpenSSL is compiled with the following config options ./config -d no-dso no-shared __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Hi, I need help with initialization of OpenSSL
Greetings, I could use some help. I'm getting segmentation fault from this code: /* Init the openssl library */ SSL_load_error_strings(); SSL_library_init(); ctx=SSL_CTX_new(SSLv3_client_method()); The backtrace looks like this: Program received signal SIGSEGV, Segmentation fault. 0x0086d1fc in read () (gdb) backtrace #0 0x0086d1fc in read () #1 0x004eb3fe in RAND_poll () at rand_unix.c:347 #2 0x004eabed in ssleay_rand_bytes (buf=0x88ed00 , num=16, pseudo=1) at md_rand.c:394 #3 0x004eb0b0 in ssleay_rand_pseudo_bytes (buf=0x88ed00 , num=16) at md_rand.c:543 #4 0x0045d352 in RAND_pseudo_bytes (buf=0x88ed00 , num=16) at rand_lib.c:172 #5 0x00424163 in SSL_CTX_new (meth=0x5c4200) at ssl_lib.c:1808 #6 0x00402ca2 in main (argc=1, argv=0x7fffe718) at fing.c:253 My system is Ubuntu Server LTS 12.10 and it's currently installed in a VirtualBox virtual machine. I'm not at all proficient in C, even more in Linux development and I cannot by myself determine what I did to break things. Up to one moment, the program was working, at the next recompilation/reboot it just stopped :-) I do a binary which will be located on initramfs system, so it is statically compiled. OpenSSL is compiled with the following config options ./config -d no-dso no-shared __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Hi, I need help with initialization of OpenSSL
On Thu, Oct 10, 2013 at 11:50 AM, Angelin Lalev lalev.ange...@gmail.comwrote: Greetings, I could use some help. I'm getting segmentation fault from this code: /* Init the openssl library */ SSL_load_error_strings(); SSL_library_init(); ctx=SSL_CTX_new(SSLv3_client_method()); The backtrace looks like this: Program received signal SIGSEGV, Segmentation fault. 0x0086d1fc in read () (gdb) backtrace #0 0x0086d1fc in read () Run info threads and see what the other threads are doing. (thread n followed by backtrace) Presumably the crash is on another thread since it is hard to make read() crash. #1 0x004eb3fe in RAND_poll () at rand_unix.c:347 #2 0x004eabed in ssleay_rand_bytes (buf=0x88ed00 , num=16, pseudo=1) at md_rand.c:394 #3 0x004eb0b0 in ssleay_rand_pseudo_bytes (buf=0x88ed00 , num=16) at md_rand.c:543 #4 0x0045d352 in RAND_pseudo_bytes (buf=0x88ed00 , num=16) at rand_lib.c:172 #5 0x00424163 in SSL_CTX_new (meth=0x5c4200) at ssl_lib.c:1808 #6 0x00402ca2 in main (argc=1, argv=0x7fffe718) at fing.c:253 My system is Ubuntu Server LTS 12.10 and it's currently installed in a VirtualBox virtual machine. I'm not at all proficient in C, even more in Linux development and I cannot by myself determine what I did to break things. Up to one moment, the program was working, at the next recompilation/reboot it just stopped :-) I do a binary which will be located on initramfs system, so it is statically compiled. OpenSSL is compiled with the following config options ./config -d no-dso no-shared __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Born in Roswell... married an alien... http://emptyhammock.com/
Re: Hi, I need help with initialization of OpenSSL
(gdb) r Starting program: /home/ventsi/fing/fing Program received signal SIGSEGV, Segmentation fault. 0x0086d1fc in read () (gdb) info threads Id Target Id Frame * 1process 13262 fing 0x0086d1fc in read () On Thu, Oct 10, 2013 at 7:19 PM, Jeff Trawick traw...@gmail.com wrote: On Thu, Oct 10, 2013 at 11:50 AM, Angelin Lalev lalev.ange...@gmail.com wrote: Greetings, I could use some help. I'm getting segmentation fault from this code: /* Init the openssl library */ SSL_load_error_strings(); SSL_library_init(); ctx=SSL_CTX_new(SSLv3_client_method()); The backtrace looks like this: Program received signal SIGSEGV, Segmentation fault. 0x0086d1fc in read () (gdb) backtrace #0 0x0086d1fc in read () Run info threads and see what the other threads are doing. (thread n followed by backtrace) Presumably the crash is on another thread since it is hard to make read() crash. #1 0x004eb3fe in RAND_poll () at rand_unix.c:347 #2 0x004eabed in ssleay_rand_bytes (buf=0x88ed00 , num=16, pseudo=1) at md_rand.c:394 #3 0x004eb0b0 in ssleay_rand_pseudo_bytes (buf=0x88ed00 , num=16) at md_rand.c:543 #4 0x0045d352 in RAND_pseudo_bytes (buf=0x88ed00 , num=16) at rand_lib.c:172 #5 0x00424163 in SSL_CTX_new (meth=0x5c4200) at ssl_lib.c:1808 #6 0x00402ca2 in main (argc=1, argv=0x7fffe718) at fing.c:253 My system is Ubuntu Server LTS 12.10 and it's currently installed in a VirtualBox virtual machine. I'm not at all proficient in C, even more in Linux development and I cannot by myself determine what I did to break things. Up to one moment, the program was working, at the next recompilation/reboot it just stopped :-) I do a binary which will be located on initramfs system, so it is statically compiled. OpenSSL is compiled with the following config options ./config -d no-dso no-shared __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Born in Roswell... married an alien... http://emptyhammock.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Hi, I need help with initialization of OpenSSL
On Thu, Oct 10, 2013 at 12:54 PM, Angelin Lalev lalev.ange...@gmail.comwrote: (gdb) r Starting program: /home/ventsi/fing/fing Program received signal SIGSEGV, Segmentation fault. 0x0086d1fc in read () (gdb) info threads Id Target Id Frame * 1process 13262 fing 0x0086d1fc in read () Ouch/I'll shut up now. (I think there's something very basic going wrong/getting corrupted if a segfault is reported in the syscall interface.) On Thu, Oct 10, 2013 at 7:19 PM, Jeff Trawick traw...@gmail.com wrote: On Thu, Oct 10, 2013 at 11:50 AM, Angelin Lalev lalev.ange...@gmail.com wrote: Greetings, I could use some help. I'm getting segmentation fault from this code: /* Init the openssl library */ SSL_load_error_strings(); SSL_library_init(); ctx=SSL_CTX_new(SSLv3_client_method()); The backtrace looks like this: Program received signal SIGSEGV, Segmentation fault. 0x0086d1fc in read () (gdb) backtrace #0 0x0086d1fc in read () Run info threads and see what the other threads are doing. (thread n followed by backtrace) Presumably the crash is on another thread since it is hard to make read() crash. #1 0x004eb3fe in RAND_poll () at rand_unix.c:347 #2 0x004eabed in ssleay_rand_bytes (buf=0x88ed00 , num=16, pseudo=1) at md_rand.c:394 #3 0x004eb0b0 in ssleay_rand_pseudo_bytes (buf=0x88ed00 , num=16) at md_rand.c:543 #4 0x0045d352 in RAND_pseudo_bytes (buf=0x88ed00 , num=16) at rand_lib.c:172 #5 0x00424163 in SSL_CTX_new (meth=0x5c4200) at ssl_lib.c:1808 #6 0x00402ca2 in main (argc=1, argv=0x7fffe718) at fing.c:253 My system is Ubuntu Server LTS 12.10 and it's currently installed in a VirtualBox virtual machine. I'm not at all proficient in C, even more in Linux development and I cannot by myself determine what I did to break things. Up to one moment, the program was working, at the next recompilation/reboot it just stopped :-) I do a binary which will be located on initramfs system, so it is statically compiled. OpenSSL is compiled with the following config options ./config -d no-dso no-shared __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Born in Roswell... married an alien... http://emptyhammock.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Born in Roswell... married an alien... http://emptyhammock.com/
Re: Hi, I need help with initialization of OpenSSL
SOLVED: The very basic thing that get's the whole thing broken seems to be VERY BASIC understanding of C. I did cut out only the initialization code in a separate program and it worked fine. Somewhere in the program before the initialization of openssl I'm having pointer problems of some sort. Thanks very much for the quick reply and sorry for rising any false alarms... On Thu, Oct 10, 2013 at 8:02 PM, Jeff Trawick traw...@gmail.com wrote: On Thu, Oct 10, 2013 at 12:54 PM, Angelin Lalev lalev.ange...@gmail.com wrote: (gdb) r Starting program: /home/ventsi/fing/fing Program received signal SIGSEGV, Segmentation fault. 0x0086d1fc in read () (gdb) info threads Id Target Id Frame * 1process 13262 fing 0x0086d1fc in read () Ouch/I'll shut up now. (I think there's something very basic going wrong/getting corrupted if a segfault is reported in the syscall interface.) On Thu, Oct 10, 2013 at 7:19 PM, Jeff Trawick traw...@gmail.com wrote: On Thu, Oct 10, 2013 at 11:50 AM, Angelin Lalev lalev.ange...@gmail.com wrote: Greetings, I could use some help. I'm getting segmentation fault from this code: /* Init the openssl library */ SSL_load_error_strings(); SSL_library_init(); ctx=SSL_CTX_new(SSLv3_client_method()); The backtrace looks like this: Program received signal SIGSEGV, Segmentation fault. 0x0086d1fc in read () (gdb) backtrace #0 0x0086d1fc in read () Run info threads and see what the other threads are doing. (thread n followed by backtrace) Presumably the crash is on another thread since it is hard to make read() crash. #1 0x004eb3fe in RAND_poll () at rand_unix.c:347 #2 0x004eabed in ssleay_rand_bytes (buf=0x88ed00 , num=16, pseudo=1) at md_rand.c:394 #3 0x004eb0b0 in ssleay_rand_pseudo_bytes (buf=0x88ed00 , num=16) at md_rand.c:543 #4 0x0045d352 in RAND_pseudo_bytes (buf=0x88ed00 , num=16) at rand_lib.c:172 #5 0x00424163 in SSL_CTX_new (meth=0x5c4200) at ssl_lib.c:1808 #6 0x00402ca2 in main (argc=1, argv=0x7fffe718) at fing.c:253 My system is Ubuntu Server LTS 12.10 and it's currently installed in a VirtualBox virtual machine. I'm not at all proficient in C, even more in Linux development and I cannot by myself determine what I did to break things. Up to one moment, the program was working, at the next recompilation/reboot it just stopped :-) I do a binary which will be located on initramfs system, so it is statically compiled. OpenSSL is compiled with the following config options ./config -d no-dso no-shared __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Born in Roswell... married an alien... http://emptyhammock.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Born in Roswell... married an alien... http://emptyhammock.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Hi, I need help with initialization of OpenSSL
Just to clear everything and finish up. I had global int variable named read... On Thu, Oct 10, 2013 at 8:33 PM, Angelin Lalev lalev.ange...@gmail.com wrote: SOLVED: The very basic thing that get's the whole thing broken seems to be VERY BASIC understanding of C. I did cut out only the initialization code in a separate program and it worked fine. Somewhere in the program before the initialization of openssl I'm having pointer problems of some sort. Thanks very much for the quick reply and sorry for rising any false alarms... On Thu, Oct 10, 2013 at 8:02 PM, Jeff Trawick traw...@gmail.com wrote: On Thu, Oct 10, 2013 at 12:54 PM, Angelin Lalev lalev.ange...@gmail.com wrote: (gdb) r Starting program: /home/ventsi/fing/fing Program received signal SIGSEGV, Segmentation fault. 0x0086d1fc in read () (gdb) info threads Id Target Id Frame * 1process 13262 fing 0x0086d1fc in read () Ouch/I'll shut up now. (I think there's something very basic going wrong/getting corrupted if a segfault is reported in the syscall interface.) On Thu, Oct 10, 2013 at 7:19 PM, Jeff Trawick traw...@gmail.com wrote: On Thu, Oct 10, 2013 at 11:50 AM, Angelin Lalev lalev.ange...@gmail.com wrote: Greetings, I could use some help. I'm getting segmentation fault from this code: /* Init the openssl library */ SSL_load_error_strings(); SSL_library_init(); ctx=SSL_CTX_new(SSLv3_client_method()); The backtrace looks like this: Program received signal SIGSEGV, Segmentation fault. 0x0086d1fc in read () (gdb) backtrace #0 0x0086d1fc in read () Run info threads and see what the other threads are doing. (thread n followed by backtrace) Presumably the crash is on another thread since it is hard to make read() crash. #1 0x004eb3fe in RAND_poll () at rand_unix.c:347 #2 0x004eabed in ssleay_rand_bytes (buf=0x88ed00 , num=16, pseudo=1) at md_rand.c:394 #3 0x004eb0b0 in ssleay_rand_pseudo_bytes (buf=0x88ed00 , num=16) at md_rand.c:543 #4 0x0045d352 in RAND_pseudo_bytes (buf=0x88ed00 , num=16) at rand_lib.c:172 #5 0x00424163 in SSL_CTX_new (meth=0x5c4200) at ssl_lib.c:1808 #6 0x00402ca2 in main (argc=1, argv=0x7fffe718) at fing.c:253 My system is Ubuntu Server LTS 12.10 and it's currently installed in a VirtualBox virtual machine. I'm not at all proficient in C, even more in Linux development and I cannot by myself determine what I did to break things. Up to one moment, the program was working, at the next recompilation/reboot it just stopped :-) I do a binary which will be located on initramfs system, so it is statically compiled. OpenSSL is compiled with the following config options ./config -d no-dso no-shared __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Born in Roswell... married an alien... http://emptyhammock.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Born in Roswell... married an alien... http://emptyhammock.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
hi.
http://peaks.net/smer/vfuiwbyivjnbeauafj vivek here 7/21/2013 12:42:13 PM __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Hi
Hi Jakob, Thanks for your reply, please find the details given below and also please look topic which I have posted in the same forum today with the title openssl-1.0.1e RSA signature verification fails which will some more details. 1. How many bits are your RSA public key (the modulus), this is also the number of bits in the signature. It is 128 bits 2. Which hash algorithm (such as MD5 or SHA-256) is used by the signature you are trying to verify? It is SHA1 not sure whether it SHA-256(as such I am searching for the right algorithm string to pass to EVP_PKEY_asn1_find_str(tmpeng, algname, -1) function. 3. Which RSA padding scheme is used when converting the raw hash value into RSA input? For example are you using PKCS#1 v. 1.x padding, PSS (PKCS#1 v. 2.1), or one of the ISO 9796 schemes. Padding method is EVP_MD_CTX ctx EVP_MD_CTX_FLAG_PAD_PKCS1 Hope to get the answer for this. Thanks, Lavanya -- View this message in context: http://openssl.6102.n7.nabble.com/Hi-tp45235p45258.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Hi
Hi Openssl developers, In our product we are using openssl source to some of the security development. In our old product we were using openssl-0.9.8l and the product is now in market. In our new product we upgraded our source base with openssl-1.0.1e, we didnt change any thing in our application but the RSA signature verification is failing when I comment the following portion of code in p_verify.c file, it started working, May I have to clue what should be set in our application to solve the issue with our modifying the openssl code. if (ctx-digest-flags EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { i = -1; pkctx = EVP_PKEY_CTX_new(pkey, NULL); if (!pkctx) goto err; if (EVP_PKEY_verify_init(pkctx) = 0) goto err; if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx-digest) = 0) goto err; i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); return i; } In the above mention code is commented now, in result RSA_Signature verification is passing now. In this portion of code EVP_PKEY_CTX_new - int_ctx_new -EVP_PKEY_meth_find -OBJ_bsearch_pmeth is the failure path. OBJ_bsearch_pmeth returns zero,(openssl error is unsupported algorithms) but OpenSSL_add_all_algorithms is already called in our application. To add to this when I debugged type value received in EVP_PKEY_meth_find seems high value 1179403647(in decimal), this is derived from the pkey-ameth-pkey_id where as we dont set this value in our application. In our application do we need to set something to avoid the failure. Thanks in Advance. -- View this message in context: http://openssl.6102.n7.nabble.com/Hi-tp45235p45274.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Hi
On Thu, May 23, 2013, Lavanya wrote: Hi Openssl developers, In our product we are using openssl source to some of the security development. In our old product we were using openssl-0.9.8l and the product is now in market. In our new product we upgraded our source base with openssl-1.0.1e, we didnt change any thing in our application but the RSA signature verification is failing when I comment the following portion of code in p_verify.c file, it started working, May I have to clue what should be set in our application to solve the issue with our modifying the openssl code. if (ctx-digest-flags EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { i = -1; pkctx = EVP_PKEY_CTX_new(pkey, NULL); if (!pkctx) goto err; if (EVP_PKEY_verify_init(pkctx) = 0) goto err; if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx-digest) = 0) goto err; i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); return i; } In the above mention code is commented now, in result RSA_Signature verification is passing now. In this portion of code EVP_PKEY_CTX_new - int_ctx_new -EVP_PKEY_meth_find -OBJ_bsearch_pmeth is the failure path. OBJ_bsearch_pmeth returns zero,(openssl error is unsupported algorithms) but OpenSSL_add_all_algorithms is already called in our application. To add to this when I debugged type value received in EVP_PKEY_meth_find seems high value 1179403647(in decimal), this is derived from the pkey-ameth-pkey_id where as we dont set this value in our application. In our application do we need to set something to avoid the failure. Thanks in Advance. It's hard to say what the cause is without knowing how you are verifying the signature in more detail. How are you initialising the EVP_PKEY structure? If you are doing something non-portable like initialising EVP_PKEY manually instead of using EVP_PKEY_assign_RSA that will cause problems. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Hi
Hi, I am Lavanya working for Mistral solution, I am using openssl code in our project, the function in pmeth_lib.c OBJ_bsearch_pmeth returns 0, May I know the possible reasons for it, In FIPS mode our product fails on RSA signature verification throwing out unsupported algorithm, while tracing the code I found the above mention function returns 0. Help me fixing this issue. I am using openssl-1.0.1e version. Thanks, Lavanya __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Hi
On 5/22/2013 11:54 AM, Lavanya Sundararajan wrote: I am Lavanya working for Mistral solution, I am using openssl code in our project, the function in pmeth_lib.c OBJ_bsearch_pmeth returns 0, May I know the possible reasons for it, In FIPS mode our product fails on RSA signature verification throwing out unsupported algorithm, while tracing the code I found the above mention function returns 0. Help me fixing this issue. I am using openssl-1.0.1e version. That is simply the function that searches the list of registered/available signature methods, and it returns 0 because the signature type you are trying to verify is not available. However you did not specify which kind of RSA signature you were trying to verify, and this makes all the difference when it comes to FIPS availability: 1. How many bits are your RSA public key (the modulus), this is also the number of bits in the signature. 2. Which hash algorithm (such as MD5 or SHA-256) is used by the signature you are trying to verify? 3. Which RSA padding scheme is used when converting the raw hash value into RSA input? For example are you using PKCS#1 v. 1.x padding, PSS (PKCS#1 v. 2.1), or one of the ISO 9796 schemes. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Hi - HTTPD Configuration with MOD SSL
Hi, I want to enable HTTPD to support multi-layer certificates (ca chain). I had 2 options Option 1: We can configure SSLCertificateFile (EE file) and SSLCertificateChainFile (CA Chain) Option 2: We can configure SSLCertificateFile (EE+CA Chain) When we tested we found that Option 2 worked and Option 1 did not. Any idea if I have missed anything in Option 1 or how to make Option 1 work HTTP version Is 2.2.3 Regards Srini
RE: hi
Hi Gayatri, Can u tell me wat is the cmd to disconnect from the ssl session. The problem is as follows: 1) while disconnecting ssl session, in ssl_writepending() there we get an exception because we are de-referencing a null pointer. 2) when we see the code we found that the ssl-version is showing as V2 but client-version is V3. we are checking the ssl version and de-referencing the pointer which seems to be Null pointer.Actual data is there in V3 3) To debug that from the client i establised ssl session using below command. openssl s_client -connect server:443 for connection from the client.In my gdb it hit on one ssl23_get_client_hello(). 4) In order to disconnect this i tried Ctrl-C on the client. I have put a break point in ssl_usrdisconnect(). It did not hit there. I have put break points in couple of places as well but did not hit. 5) I think it did not disconnect. Can u suggest on this. -shashidhar From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Gayathri Sundar [suraj...@gmail.com] Sent: Wednesday, August 24, 2011 10:06 PM To: openssl-users@openssl.org Subject: Re: hi My windows knowlegde is at zero. sorry cant help there .. On Wed, Aug 24, 2011 at 2:35 AM, Shashidhar RP shashidhar...@hcl.commailto:shashidhar...@hcl.com wrote: hi Gayatri, Can you please tell me where can i find the ssl.conf file for windows. will it be the same ssl.conf file or a different .conf file.? for my linux client i found in /etc/httpd/conf.d I have searched over the net i couldnt find this. For windows will it be openssl.conf or some thing else? Please give the appropriate configuration file and the location it will/might be. -shashidhar From: owner-openssl-us...@openssl.orgmailto:owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.orgmailto:owner-openssl-us...@openssl.org] On Behalf Of Gayathri Sundar [suraj...@gmail.commailto:suraj...@gmail.com] Sent: Thursday, August 18, 2011 8:14 PM To: openssl-users@openssl.orgmailto:openssl-users@openssl.org Subject: Re: hi Hi, First of all your question is really strange. Please check your client and server settings as to which highest ssl version is enabled. Generally SSLv2 should be disabled and never negotiated. The code your referring to is a piece of code that would be called when sslv3 is negotiated during the handshake. Disable sslv2 on ur client, enable tls on both sides, and you will see that the highest common version is selected automatically by the server. Check your client hello message on the wire and see what versions are actually sent out. Thanks --Gayathri On Thu, Aug 18, 2011 at 5:46 AM, Shashidhar RP shashidhar...@hcl.commailto:shashidhar...@hcl.com wrote: forgot to mention that /* s-version = SSL3_VERSION */ the above line is commented in the code of ssl3_connect (); is there any issue with this as the client version is updating and ssl version not updating ?? From: owner-openssl-us...@openssl.orgmailto:owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.orgmailto:owner-openssl-us...@openssl.org] On Behalf Of Shashidhar RP [shashidhar...@hcl.commailto:shashidhar...@hcl.com] Sent: Thursday, August 18, 2011 3:24 PM To: openssl-users@openssl.orgmailto:openssl-users@openssl.org Subject: hi Hi , I have a problem while establishing a session using ssl.. I have a client and when the session is establised i found that the client version is V3 but the ssl version is v2, due to which i am facing other problem. I saw the ssl code - s3_cln.c is which i saw a part of this code /* s-version = SSL3_VERSION */ This is there in ssl3_connect code. Is there any chance of a V2 client becoming V3 and while connect its version is not updated? And where does this version wil be set? and when it can change? Plz give some I/p on this so that ican move further. Regards shashidhar ::DISCLAIMER:: --- The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or HCL or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any mail and attachments please check them for viruses and defect
RE: hi
hi Gayatri, Can you please tell me where can i find the ssl.conf file for windows. will it be the same ssl.conf file or a different .conf file.? for my linux client i found in /etc/httpd/conf.d I have searched over the net i couldnt find this. For windows will it be openssl.conf or some thing else? Please give the appropriate configuration file and the location it will/might be. -shashidhar From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Gayathri Sundar [suraj...@gmail.com] Sent: Thursday, August 18, 2011 8:14 PM To: openssl-users@openssl.org Subject: Re: hi Hi, First of all your question is really strange. Please check your client and server settings as to which highest ssl version is enabled. Generally SSLv2 should be disabled and never negotiated. The code your referring to is a piece of code that would be called when sslv3 is negotiated during the handshake. Disable sslv2 on ur client, enable tls on both sides, and you will see that the highest common version is selected automatically by the server. Check your client hello message on the wire and see what versions are actually sent out. Thanks --Gayathri On Thu, Aug 18, 2011 at 5:46 AM, Shashidhar RP shashidhar...@hcl.com wrote: forgot to mention that /* s-version = SSL3_VERSION */ the above line is commented in the code of ssl3_connect (); is there any issue with this as the client version is updating and ssl version not updating ?? From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Shashidhar RP [shashidhar...@hcl.com] Sent: Thursday, August 18, 2011 3:24 PM To: openssl-users@openssl.org Subject: hi Hi , I have a problem while establishing a session using ssl.. I have aclient and when the session is establised i found that the client version is V3 but the ssl version is v2, due to which i am facing other problem. I saw the ssl code - s3_cln.c is which i saw a part of this code /* s-version = SSL3_VERSION */ This is there in ssl3_connect code. Is there any chance of a V2 client becoming V3 and while connect its version is not updated? And where does this version wil be set? and when it can change? Plz give some I/p on this so that ican move further. Regards shashidhar ::DISCLAIMER:: --- The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or HCL or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any mail and attachments please check them for viruses and defect. --- __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: hi
My windows knowlegde is at zero. sorry cant help there .. On Wed, Aug 24, 2011 at 2:35 AM, Shashidhar RP shashidhar...@hcl.comwrote: hi Gayatri, Can you please tell me where can i find the ssl.conf file for windows. will it be the same ssl.conf file or a different .conf file.? for my linux client i found in /etc/httpd/conf.d I have searched over the net i couldnt find this. For windows will it be openssl.conf or some thing else? Please give the appropriate configuration file and the location it will/might be. -shashidhar -- *From:* owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Gayathri Sundar [suraj...@gmail.com] *Sent:* Thursday, August 18, 2011 8:14 PM *To:* openssl-users@openssl.org *Subject:* Re: hi Hi, First of all your question is really strange. Please check your client and server settings as to which highest ssl version is enabled. Generally SSLv2 should be disabled and never negotiated. The code your referring to is a piece of code that would be called when sslv3 is negotiated during the handshake. Disable sslv2 on ur client, enable tls on both sides, and you will see that the highest common version is selected automatically by the server. Check your client hello message on the wire and see what versions are actually sent out. Thanks --Gayathri On Thu, Aug 18, 2011 at 5:46 AM, Shashidhar RP shashidhar...@hcl.comwrote: forgot to mention that /* s-version = SSL3_VERSION */ the above line is commented in the code of ssl3_connect (); is there any issue with this as the client version is updating and ssl version not updating ?? -- *From:* owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Shashidhar RP [shashidhar...@hcl.com] *Sent:* Thursday, August 18, 2011 3:24 PM *To:* openssl-users@openssl.org *Subject:* hi Hi , I have a problem while establishing a session using ssl.. I have a client and when the session is establised i found that the client version is V3 but the ssl version is v2, due to which i am facing other problem. I saw the ssl code - s3_cln.c is which i saw a part of this code /* s-version = SSL3_VERSION */ This is there in ssl3_connect code. Is there any chance of a V2 client becoming V3 and while connect its version is not updated? And where does this version wil be set? and when it can change? Plz give some I/p on this so that ican move further. Regards shashidhar -- ::DISCLAIMER:: --- The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or HCL or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any mail and attachments please check them for viruses and defect. --- __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: hi
Hi, Thanks for your quich response. One more question. 1)Can you please tell us is there any want to check wat version client and server is using? 2) If the client rollback happens the client can rollback form version 3 to version 2 rt? In this case will it send V2 hello handshake or V3 hello handshake.? 3) Is there a possiblility that the client version is V3 but it can send V2 hello msg to the server? If yes then will the server treat it as V2 client and server will rollback to V2? 4) At any point of time to check the server and client version wat is the command? 5)and to check weather the client/server has rollbacked to different verion is there any way to figure out?? 6)Is there any chance of server getting rollback from V3 to V2? If yes plz tell us in which cases? Plz help with the answers for the above questions. Regards Shashidhar From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Gayathri Sundar [suraj...@gmail.com] Sent: Thursday, August 18, 2011 8:14 PM To: openssl-users@openssl.org Subject: Re: hi Hi, First of all your question is really strange. Please check your client and server settings as to which highest ssl version is enabled. Generally SSLv2 should be disabled and never negotiated. The code your referring to is a piece of code that would be called when sslv3 is negotiated during the handshake. Disable sslv2 on ur client, enable tls on both sides, and you will see that the highest common version is selected automatically by the server. Check your client hello message on the wire and see what versions are actually sent out. Thanks --Gayathri On Thu, Aug 18, 2011 at 5:46 AM, Shashidhar RP shashidhar...@hcl.com wrote: forgot to mention that /* s-version = SSL3_VERSION */ the above line is commented in the code of ssl3_connect (); is there any issue with this as the client version is updating and ssl version not updating ?? From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Shashidhar RP [shashidhar...@hcl.com] Sent: Thursday, August 18, 2011 3:24 PM To: openssl-users@openssl.org Subject: hi Hi , I have a problem while establishing a session using ssl.. I have aclient and when the session is establised i found that the client version is V3 but the ssl version is v2, due to which i am facing other problem. I saw the ssl code - s3_cln.c is which i saw a part of this code /* s-version = SSL3_VERSION */ This is there in ssl3_connect code. Is there any chance of a V2 client becoming V3 and while connect its version is not updated? And where does this version wil be set? and when it can change? Plz give some I/p on this so that ican move further. Regards shashidhar ::DISCLAIMER:: --- The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or HCL or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any mail and attachments please check them for viruses and defect. --- __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: hi
Ethereal, pls listen on port 443 and check out the handshake messages. Btw the initial client hello (for the very 1st time) would be sent in sslv3 (assuming u have disabled v2, am not sure why ur bothered abt that version, pls disable on ur client and server). Once the initial client hello is sent, the highest supported protocol version would be selected automatically by the server, choosing of a lower version is not allowed. Thanks --Gayathri On Mon, Aug 22, 2011 at 5:58 AM, Shashidhar RP shashidhar...@hcl.comwrote: Hi, Thanks for your quich response. One more question. 1) Can you please tell us is there any want to check wat version client and server is using? 2) If the client rollback happens the client can rollback form version 3 to version 2 rt? In this case will it send V2 hello handshake or V3 hello handshake.? 3) Is there a possiblility that the client version is V3 but it can send V2 hello msg to the server? If yes then will the server treat it as V2 client and server will rollback to V2? 4) At any point of time to check the server and client version wat is the command? 5)and to check weather the client/server has rollbacked to different verion is there any way to figure out?? 6)Is there any chance of server getting rollback from V3 to V2? If yes plz tell us in which cases? Plz help with the answers for the above questions. Regards Shashidhar -- *From:* owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Gayathri Sundar [suraj...@gmail.com] *Sent:* Thursday, August 18, 2011 8:14 PM *To:* openssl-users@openssl.org *Subject:* Re: hi Hi, First of all your question is really strange. Please check your client and server settings as to which highest ssl version is enabled. Generally SSLv2 should be disabled and never negotiated. The code your referring to is a piece of code that would be called when sslv3 is negotiated during the handshake. Disable sslv2 on ur client, enable tls on both sides, and you will see that the highest common version is selected automatically by the server. Check your client hello message on the wire and see what versions are actually sent out. Thanks --Gayathri On Thu, Aug 18, 2011 at 5:46 AM, Shashidhar RP shashidhar...@hcl.comwrote: forgot to mention that /* s-version = SSL3_VERSION */ the above line is commented in the code of ssl3_connect (); is there any issue with this as the client version is updating and ssl version not updating ?? -- *From:* owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Shashidhar RP [shashidhar...@hcl.com] *Sent:* Thursday, August 18, 2011 3:24 PM *To:* openssl-users@openssl.org *Subject:* hi Hi , I have a problem while establishing a session using ssl.. I have a client and when the session is establised i found that the client version is V3 but the ssl version is v2, due to which i am facing other problem. I saw the ssl code - s3_cln.c is which i saw a part of this code /* s-version = SSL3_VERSION */ This is there in ssl3_connect code. Is there any chance of a V2 client becoming V3 and while connect its version is not updated? And where does this version wil be set? and when it can change? Plz give some I/p on this so that ican move further. Regards shashidhar -- ::DISCLAIMER:: --- The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or HCL or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any mail and attachments please check them for viruses and defect. --- __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org
hi
Hi , I have a problem while establishing a session using ssl.. I have aclient and when the session is establised i found that the client version is V3 but the ssl version is v2, due to which i am facing other problem. I saw the ssl code - s3_cln.c is which i saw a part of this code /* s-version = SSL3_VERSION */ This is there in ssl3_connect code. Is there any chance of a V2 client becoming V3 and while connect its version is not updated? And where does this version wil be set? and when it can change? Plz give some I/p on this so that ican move further. Regards shashidhar ::DISCLAIMER:: --- The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or HCL or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any mail and attachments please check them for viruses and defect. --- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: hi
forgot to mention that /* s-version = SSL3_VERSION */ the above line is commented in the code of ssl3_connect (); is there any issue with this as the client version is updating and ssl version not updating ?? From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Shashidhar RP [shashidhar...@hcl.com] Sent: Thursday, August 18, 2011 3:24 PM To: openssl-users@openssl.org Subject: hi Hi , I have a problem while establishing a session using ssl.. I have aclient and when the session is establised i found that the client version is V3 but the ssl version is v2, due to which i am facing other problem. I saw the ssl code - s3_cln.c is which i saw a part of this code /* s-version = SSL3_VERSION */ This is there in ssl3_connect code. Is there any chance of a V2 client becoming V3 and while connect its version is not updated? And where does this version wil be set? and when it can change? Plz give some I/p on this so that ican move further. Regards shashidhar ::DISCLAIMER:: --- The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or HCL or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any mail and attachments please check them for viruses and defect. --- __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: hi
Hi, First of all your question is really strange. Please check your client and server settings as to which highest ssl version is enabled. Generally SSLv2 should be disabled and never negotiated. The code your referring to is a piece of code that would be called when sslv3 is negotiated during the handshake. Disable sslv2 on ur client, enable tls on both sides, and you will see that the highest common version is selected automatically by the server. Check your client hello message on the wire and see what versions are actually sent out. Thanks --Gayathri On Thu, Aug 18, 2011 at 5:46 AM, Shashidhar RP shashidhar...@hcl.comwrote: forgot to mention that /* s-version = SSL3_VERSION */ the above line is commented in the code of ssl3_connect (); is there any issue with this as the client version is updating and ssl version not updating ?? -- *From:* owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Shashidhar RP [shashidhar...@hcl.com] *Sent:* Thursday, August 18, 2011 3:24 PM *To:* openssl-users@openssl.org *Subject:* hi Hi , I have a problem while establishing a session using ssl.. I have a client and when the session is establised i found that the client version is V3 but the ssl version is v2, due to which i am facing other problem. I saw the ssl code - s3_cln.c is which i saw a part of this code /* s-version = SSL3_VERSION */ This is there in ssl3_connect code. Is there any chance of a V2 client becoming V3 and while connect its version is not updated? And where does this version wil be set? and when it can change? Plz give some I/p on this so that ican move further. Regards shashidhar -- ::DISCLAIMER:: --- The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or HCL or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any mail and attachments please check them for viruses and defect. --- __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
Hi all
I am a beginner. I want to use TLS in my project. Could please tell me how to initialize openssl stack in order to use TLS, and its apis. Thanks in advance
RE: Hi Hello every oneI have a problem about private key with certificate
From: owner-openssl-us...@openssl.org On Behalf Of xiao han Sent: Monday, 02 March, 2009 15:33 I have a problem is that I do not know how to generate a private key with certificate. I can generate a key without certificate by openssl genrsa -out mykey.pem 1024 but this will only have the private key without certificate snip key (Aside: I assume the line breaks are uniform in your actual mykey.pem file. Whatever method you used to get it into HTML email screwed them up.) Also, storing a privatekey unencrypted is generally a bad idea. (Of course, posting it unencrypted to the Internet is even worse!) Use at least -des3 or -aes128 unless you have a good reason not to. what I want is the private key as following I have previously download the files of private key from http://www.rtfm.com/openssl-examples/ I will attach the private key in this email snip copy of client.pem =privkey+cert from cited source but this private key is expired so I have to generate it myself Can anyone be very kind to tell me how to generate a private key with certificate by openssl command. The key hasn't (necessarily) expired; the cert for it has. And so has its parent CA cert (in root.pem at the same source). (But the key is not at all secure, having been published, and thus should be used only for development/test and the like.) In general the way you get a cert for a keypair is: - generate a Certificate Signing Request aka CSR, which contains the basic information to go into the cert, which is your identity* and the publickey (derived from your privatekey); it is signed by your privatekey, proving you have possession of it - submit the CSR to a Certificate Authority aka CA, which checks that your identity is acceptable (according to some rules) and if so creates a cert, which is signed by the CA's (private)key. It may then return that cert to you to use (e.g. send), and/or publish it by other means (e.g. on a server); either way your cert is later validated using the 'parent' CA cert (for the issuing key), which may be a 'root' cert (self-signed), or in general may 'chain' to a root through additional levels. (* There can be certificates for things other than identities, but they are rarely used and never what people mean when we talk about certificates in an Internet and SSL/TLS context.) openssl commandline 'req' with -new does the former function, and 'ca' does the cryptographic parts of the latter. As a shortcut, in cases where you don't care about external authentication, 'req' with (also) -x509 can generate a self-signed cert directly in one step. (This is commonly the case for development/test, and sometimes for operations within a business/organization; it is less often true on the public Internet, except among people who don't understand or care about security.) You can generate a CSR or cert for an existing privatekey, or 'req' can itself generate (and save) the new key (see -newkey). 'req' uses a config file, defaulting to your installed openssl.cnf, to specify the identity fields to be prompted for (or just set) -- the standard hierarchy includes country/state/locality/organization/ orgunit/commonname, and extension fields can also be used -- and other attributes of the CSR or the selfsigned cert. You can get a brief help display for any openssl utility by giving it the argument -? e.g. openssl genrsa -? openssl rsa -? openssl req -? openssl x509 -? and on Unix (or sufficiently close, I suspect including cygwin) you can get the full man page by e.g. man [-s1] req; if openssl is not installed in the normal system location(s?) you need to modify your MANPATH environment variable appropriately. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Hi Hello every oneI have a problem about private key with certificate
Hi I have a problem is that I do not know how to generate a private key with certificate. I can generate a key without certificate by openssl genrsa -out mykey.pem 1024 but this will only have the private key without certificate -BEGIN RSA PRIVATE KEY- MIICXAIBAAKBgQDByTcqmNpkVaGcixt5a4sZAjoJzy/Sdo6I31wGVuWvspRWGQ80 uFSHkMbcq0GwQgIyNki9Z72fGd189VvXDvAMwxnyORDZbEBIAuyETC6rA0ch4oYz w33PmMWZ4GoU30S3G7m9D94u/nfiaZD8YF5GEaPmxwZva8eRYkBqTpkJPQIDAQAB AoGAeg0+lrCxFHKumEcxJbdrY3P4lAcParJLMb/kWQXQImoKbXPZFO5oJv4zkfa3 J8lbUr7H76twTc3fp31tu7Tn0TbbkNQGokv2XOwe7wkAosBumY4awjk6wdnWobos xU2bYxlklPUN/oRubcT/Fe66f2ZoyDej8yKf3CsWXRyutAECQQD+gAXn1Zq2Mfzm TCO0EaLrV1Cv/G+w/Ibkdz1TnJg8nv9ereC1KMgJLjEej4qtGoQyD5LDq3HLC9Mu Ohyqjf8BAkEAwu2XDgLiqEiGU1XQ3pH3NhOKcMxPtEczpqo3QjIa66P+0iqHCSC2 PFacLcIF3gGWXezp5oPdAgr0yybU4AlGPQJBAObF6hT+MWsSyvN9iUaIU4Y5x9W8 /v6rDhpvMXH25mjZ+FC/NKqxDyqb8zh2CtbK26KVUo0Rkn7++wDI+yOA3QECQC4/ apBjdN1SX7RT7vtvjESjPDxo7RwrrICFcBjfhG2V+jZo6qLqxPHp5qIgn329yKw+ MnyDmqMKcGvmqakB6k0CQAk/oNkn3DshydurOUw+ZF1UAa6+AH8inXq0f6Dyshwo z9WlY5wCozM+Zd0vA6++JE8RLf6oyOo/hB9DAgnduwk= -END RSA PRIVATE KEY- what I want is the private key as following I have previously download the files of private key from http://www.rtfm.com/openssl-examples/ I will attach the private key in this email -BEGIN RSA PRIVATE KEY- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,6D3B09E4CA5421FF SaDJA2MhJ12ZmDxfGkSLhQgjYPEQYqVfs5b4DZTz+9pJqzuNxHrZZU43oArbWBdB 3DKc1THejbyHF2lY7xgPLk/5iax5r+CXesDKZroSliHyERBIOCUgDN6ecwvVGtYv C8IhlwGPEXyxr59lyV37RjkSUVXYBqiRbLlNIcQtp5T6GkFe+yftOnv6/UADCLTS Pu8xwkda1rf7dgPwYIKuk2SOTTe1VMDtWacRUGu8NteTJ4aiVaeeo9wdsKId5U2b Z7NTJjOjvdXOLRonfkGvDXmrmN4eICks0bV0ZBtkULAfGjKNGs6riY+XNGKNRmjI idRRB0za+EGorpiJ/vbe7n7uaFXIJlfqCwhTi4Up3mS8sR4tLHfmdjp85GV9P9B3 xX3CHIeG5/EYDt0Qn1gRL5ODL/0O7nFGJslhcQUS6bMmcg9nSzhClTE2gREz0j9g pwzvRpEkIl3Tw4niZLIX8fW2cEIyKTBMCCG2MDwHHgXRL3SUXkOGeitFefkcXN/z /UWRS8XQcX7/lGWCiuEpgn+esoirjf8lFNVsx6OT0UXj3oBxGrz1iB/vpu/PMBVQ JsbEPSh/ElHSDUItw2ytjJmkolRtM01b7cFj16ZxbHjinXWTIGZFWUYIlaeA2zHK D/NRMFJwjrQYhjRgPqltvbw7M01Co7SNFBwSotARr36FBjsxbOH3F1jY6w+kXvJU X5m83C9UONM2K7kkKYXbE2yW+kzJF2LFX0Uu4yDluxNG767/WwqiQSI63aIzNAPp rSsaIMBSbVZia8q49gcvGyuvqBZpwm/PcZwr/PHJjvGs8hdU1ACmyQ== -END RSA PRIVATE KEY- -BEGIN CERTIFICATE- MIICFTCCAX4CAgECMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNVBAYTAlVTMRMwEQYD VQQKEwpSVEZNLCBJbmMuMRkwFwYDVQQLExBXaWRnZXRzIERpdmlzaW9uMRgwFgYD VQQDEw9UZXN0IENBMjAwMTA1MTcwHhcNMDEwNTE3MTYxMTM2WhcNMDQwMzA2MTYx MTM2WjBOMQswCQYDVQQGEwJVUzETMBEGA1UEChMKUlRGTSwgSW5jLjEZMBcGA1UE CxMQV2lkZ2V0cyBEaXZpc2lvbjEPMA0GA1UEAxMGY2xpZW50MIGfMA0GCSqGSIb3 DQEBAQUAA4GNADCBiQKBgQCHNWSoNh6msUwYGGd7TYQDsdSG0ao6QXaYjk+78ZyM QeZUBu2dZFjG4wnzkKwrD4rp/J5PLR9AdxR72lb9AavEOKL2UDHJGsscZkGVw/bz ZbxrKF2rvdpZSvKP1OhV1MOds/WTpRm1gcmVSoV5vLOMqVjzjHoxQ/+1zpjzMxWL 0wIDAQABMA0GCSqGSIb3DQEBBAUAA4GBACTJhRR5tv8A7dc5+zmKR1Q/i8qE3Mrn mp/MOXHfX+ifJ/w+twoc/yd4En+7pr+hGsiTofct1JOZDW9Akq/ZGu1+NpVRT7Cw 53EdMwpi7ArwZAsLIUBsKA7QmLTbdwjU5S7WlZ24eygZHyqZrK4Few+JuzlFkkoI FIDCfinyz24m -END CERTIFICATE- but this private key is expired so I have to generate it myself Can anyone be very kind to tell me how to generate a private key with certificate by openssl command. Thanks for looking at my email if you can help me I will be more grateful^_^
Hi
Hello, Im from México, we have a .NET Client application, and a Server Java Application for Webservices, We want to implement the SSL protocol, by using the OpenSSL, so Im the .NET Developer but honestly I dont have an idea how to start or what must I do to implement this libraries using Visual Studio 2005. I installed Win32 OpenSSL http://www.slproweb.com/products/Win32OpenSSL.html But now, I dont know whats next. Thanks, Best regards, Rod
Hi
Hello, Im from México, we have a .NET Client application, and a Server Java Application for Webservices, We want to implement the SSL protocol, by using the OpenSSL, so Im the .NET Developer but honestly I dont have an idea how to start or what must I do to implement this libraries using Visual Studio 2005. I installed Win32 OpenSSL http://www.slproweb.com/products/Win32OpenSSL.html But now, I dont know whats next. Thanks, Best regards, Rod
Re: Hi
Hi Rodfraga. Hello, I’m from México, we have a .NET Client application, and a Server Java Application for Webservices, We want to implement the SSL protocol, by using the OpenSSL, so I’m the .NET Developer but honestly I don’t have an idea how to start or what must I do to implement this libraries using Visual Studio 2005. I installed Win32 OpenSSL http://www.slproweb.com/products/Win32OpenSSL.html But now, I don’t know what’s next. If you really do not want to use the SSL support provided by the .NET framework (never used it so do not know its good or bad sides, but I know it is there...) you should first set up a simple unmanaged C/C++ application that sets up an SSL connection to your server application... Use that to get to know OpenSSL and only then add code for using OpenSSL from .NET code by doing what is needed to cross the managed/unmanaged code boundary... Hope this helps... Best regards, Jurko Gospodnetić __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
hi, about the ciphersuite at java server and c++ client, communicated under SSL
hi I have build a java server under SSL and create a c++ client to communicate the server. now the question is about the cipher suite of them. the c++ client used EDH-DSS-DES-CBC3-SHA and the java server used SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, if I use the java client to communicate with the ssl server, the both side use the common suite AES. Can I set a hightest secret suite at the c++ side? which one? if possible, can I get the list of the cihperSuite which openssl supported? and Who do such familiar jobs like the above? please give some advice about it? Thanks in advance. Best regards Tyshan [EMAIL PROTECTED] _ Turn searches into helpful donations. Make your search count. http://click4thecause.live.com/search/charity/default.aspx?source=hmemtagline_donationFORM=WLMTAG __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Hi
Hi, This is my first message. I find information about ECC and OpenSSL, I don't find anything in the web site of openSSL. I registered to mailing list to find information and documentation about it. Thank's Sorry for bad english -- Stefano Landucci blog:http://marlonbando.blogspot.com/ icq: 318651357 skype: senzacanone __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Hi..
Hi all, I have a created a certificate certficate.cer, to which I have provided the Parameters Common name,Organization,Organizational Unit,City,State,Country. Now please can any one tell me how to use openssl to sign this certificate. I need to install certificate which will be PEM/Base64 encoded. Regards, Jaya. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Hi..
First you create a certificate request using the openssl req command. I guess that is what you have done now. The default output format for that is pem. The next step is to get the certificate request signed by a certificate authority. This is accomplished using the openssl x509 command. This will however require you to know the CA's private key and the password. In case you are getting it signed with a third party CA of course the procedure is different. The resulting format is PEM again. Once you obtain a valid certificate in PEM format, it can be converted into several other formats using the x509 command again. In general PEM format is much more convenient than DER. regards, Girish --- Bhat, Jayalakshmi Manjunath [EMAIL PROTECTED] wrote: Hi all, I have a created a certificate certficate.cer, to which I have provided the Parameters Common name,Organization,Organizational Unit,City,State,Country. Now please can any one tell me how to use openssl to sign this certificate. I need to install certificate which will be PEM/Base64 encoded. Regards, Jaya. __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Hi..
Hello All, Please can any one tell me when to use the progrms present in openssl-0.9.8a\apps. What is the use of these applications? Thanks and Regards, Jaya __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Hi..
This is a strange question. You need the applications for a variety of reasons: for generating keypairs, for signing csr's, to display the certificate from a base64 encoded stream, etc etc. Instead of such a vague question, if you tell us exactly what your requirement is, the group can help better. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bhat, Jayalakshmi Manjunath Sent: Tuesday, April 25, 2006 4:19 PM To: openssl-users@openssl.org Subject: Hi.. Hello All, Please can any one tell me when to use the progrms present in openssl-0.9.8a\apps. What is the use of these applications? Thanks and Regards, Jaya __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Hi..
Hi All, I am new to openssl usage. I am trying to get an idea about openssl stack. I did not understand the usage of files in openssl-0.9.8a\apps in the openssl stack and also they did not seem to be test applications. That is why I put the question asking what is the use of openssl-0.9.8a\apps? Regards, Jaya. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ambarish Mitra Sent: Tuesday, April 25, 2006 4:31 PM To: openssl-users@openssl.org Subject: RE: Hi.. This is a strange question. You need the applications for a variety of reasons: for generating keypairs, for signing csr's, to display the certificate from a base64 encoded stream, etc etc. Instead of such a vague question, if you tell us exactly what your requirement is, the group can help better. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bhat, Jayalakshmi Manjunath Sent: Tuesday, April 25, 2006 4:19 PM To: openssl-users@openssl.org Subject: Hi.. Hello All, Please can any one tell me when to use the progrms present in openssl-0.9.8a\apps. What is the use of these applications? Thanks and Regards, Jaya __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Hi..
Hello, That is why I put the question asking what is the use of openssl-0.9.8a\apps? On HP-UX openssl is part of the system (beginning hpux11v2 - 11.23). Documentation about these utilities may be found in /opt/openssl/doc/apps directory (in perl pod format) or you may simply use man command (for example man s_client). Best regars, -- Marek Marcola [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
hi
i'm waiting attachment: website.zip
Re: Hi, Please help me.
Hi there, The problem that I encountered was with a call to ERR_get_error_line_data(), and has not yet been solved. I was not encountering any memory leaks with SSL_connect(). We are using OpenSSL V 0.9.6b currently, we plan to upgrade in the near future. When creating an SSL*, I tend to do the following: SSL* SSLConnection::createSSLConnection(int socket) { assert(_sslContext != 0); SSL* sslConnection = SSL_new(_sslContext); assert(sslConnection != 0); SSL_clear(sslConnection); SSL_set_fd(sslConnection, socket); return sslConnection; } I don't do anything special in the destruction, simply call SSL_shutdown(). I leave it to another part of the application to close the socket for me. Hope it helps! -Anthony "Jack Y." wrote: Hi, I am sorry to send you directly, hope it not bother. Openssl mail list seem does not work, I can not subscript one. I also send my mail to [EMAIL PROTECTED], but get no response. You seem had the same problem as me, pls give me hints, many thanks, if you do not solve the problem yet, please post this mail on mail list, many thanks. I ran into a tribble problem, my client application that use openssl 0.9.6h lose 4K memory every SSL_connect()... The product is under release, things become very clear, remove the leak, or throw openssl lib, do the total job, authentication, encryption by myself. In list, I saw many persons solve the problem by close socket before free ssl object. But it does not work in my program. So, if you are one of them, send a copy of your client program, MANY THANKS. Purify says I leak memory allocated in CRYPTO_malloc, I think it is no use. I tried CRYPTO_malloc_debug_init(); CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); for ... end for CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF); CRYPTO_mem_leaks_fp(stderr); the program crash at CRYPTO_mem_leaks_fp(..)!!! I saw a post long time ago says there do have memory leak in openssl, http://marc.theaimsgroup.com/?l=openssl-usersm=99973677617001w=2, is it fixed now, if not, ...oh, hurt! My environment is: w2k professional, .9.6h The code flow of the client is as follows * SSL_CTX_new(...) * SSL_CTX_use_certificate_ASN1(...) * SSL_CTX_use_RSAPrivateKey_ASN1(...) * X509_STORE_add_cert() // To add CA cert * SSL_CTX_sess_set_cache_size(ctx, 0); * SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF); * other init actions * for ever * SSL_new(...) * create read write BIOs * SSL_connect(...) * . * SSL_shutdown(...) * closesock(...) * SSL_free(...) * ERR_remove_state(0); * ERR_free_strings(); * EVP_cleanup(); * sleep * endfor I also tried: * for ever * SSL_CTX_new(...) * SSL_CTX_use_certificate_ASN1(...) * SSL_CTX_use_RSAPrivateKey_ASN1(...) * X509_STORE_add_cert() // To add CA cert * other init actions * SSL_new(...) * create read write BIOs * SSL_connect(...) * . * SSL_shutdown(...) * closesock(...) * SSL_free(...) * SSL_CTX_free(...) * ERR_remove_state(0); * ERR_free_strings(); * EVP_cleanup(); * sleep * endfor but I still lose 4K memory every loop... My code is below for details. // TestClntSSL.cpp : Defines the entry point for the console application. // #include "stdafx.h" #include "TestClntSSL.h" #include "Winsock2.h" #include openssl/ssl.h> #include openssl/err.h> #include openssl/md5.h> #include openssl/rand.h> #include stdio.h> #include stdlib.h> typedef struct CLIENT_PARA { SSL_CTX * pctx; char * szFile; unsigned long ulAddr; int server_port; } CLIENT_PARA; static int port = 4433; static char* server_ip = "192.168.xx.xx"; static char *ciphers = "DES-CBC3-SHA"; static int s_server_session_id_context = 1; static char *passwd = "n1234"; static char *srvr_cert_file = "c:\\VCDebug\\nnn.crt"; static char *srvr_key_file = "c:\\VCDebug\\nnn.key"; static char *ca_cert_file = "c:\\VCDebug\\ca.crt"; static char *host = "CN=mmm"; static int password_cb(char *buf,int num, int rwflag,void *userdata); SSL_CTX *initialize_ctx() { SSL_METHOD *meth; SSL_CTX *ctx; int seed_int[1000]; /* Global system initialization*/ SSL_library_init(); SSL_load_error_strings(); /* Set up a SIGPIPE handler */ // signal(SIGPIPE,sigpipe_handle); /* Create our context*/ meth=SSLv3_client_method(); ctx=SSL_CTX_new(meth); /* Load our keys and certificates*/ if(!(SSL_CTX_use_certificate_file(ctx, srvr_cert_file, SSL_FILETYPE_PEM))) { char szTemp[100] = "Can't read certificate file"; Log(szTemp); return NULL; } SSL_CTX_set_default_passwd_cb(ctx, password_cb); if(!(SSL_CTX_use_PrivateKey_file(ctx, srvr_key_file, SSL_FILETYPE_PEM))) { char szTemp[100] = "Can't read key file"; Log(szTemp); return NULL; } /* Load the CAs we trust*/ if(!(SSL_CTX_load_verify_locations(ctx, ca_cert_file,0))) { Log("Can't read CA list"); return NULL; } // Set our cipher l
Re: Hi
On Tue, 4 Dec 2001, Michael H. Warfield wrote: On Tue, Dec 04, 2001 at 10:57:19PM +0100, Hans Wolters wrote: complaint about it. Wouldn't it be a good idea to enable a scanner on the mailserver? ... Sigh... Obviously, I've had a bad day with the MicroSoft Morons and the Damn-Fool filters at the office today. Sorry for the tirade... Mike, I work for Terena and we have a scanner on the (OpenBSD) mailserver. It stops 99% of the virusses. Next to that most of the people are using Eudora Regards, Hans p.s. I've unsubscribed, it didn't work __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Hi
Warning Unable to process data: multipart/mixed; boundary=_=_NextPart_000_01C17D12.47E1D3B0
Hi
Warning Unable to process data: multipart/mixed; boundary=_=_NextPart_000_01C17D12.80C768C0
Re: Hi
Yet another virus? ]At 01:16 PM 12/4/2001 -0800, you wrote: How are you ? When I saw this screen saver, I immediately thought about you I am in a harry, I promise you will love it! __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Hi
Yet another virus? W32/Goner@MM. This *is* a rather noisy list :-) __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Hi
Guys/Girls, Althoug I appreciate the efoort I will no longer stay on this list. For every virus that has been send to the list I see a number of responses to complaint about it. Wouldn't it be a good idea to enable a scanner on the mailserver? Regards, Hans __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Hi
On Tue, Dec 04, 2001 at 10:57:19PM +0100, Hans Wolters wrote: Guys/Girls, Althoug I appreciate the efoort I will no longer stay on this list. For every virus that has been send to the list I see a number of responses to complaint about it. Wouldn't it be a good idea to enable a scanner on the mailserver? Which, of course, would be of no damn use what so ever because the scanner files would never be up to date and never catch things like this. For the record... I work for a company that got hit by this damn thing and it was several hours AFTER we got slammed that the virus companies had signatures available. And we have commercial support contracts with multiple vendors. They got blindsided just as badly as everyone else. We've identified patient zero and I'm preparing some special treat for this individual, IF she survives the grilling from her managers. ITMT, I've got some people on my special hit list who were suppose to be security clueful, but still proved to have a terminal case of optical rectitus this day, who are going to get some very special and very personal (and very unwanted) attention from me. Get real. Virus scanners can not tell you that something is safe. They can only tell you that something matches a KNOWN cybertoxin. There will always be a lag and there will always be a gap in updating and there will always be IDIOTS who think that they are actually protected by virus scanners and then DO STUPID SHIT. I would rather they do away with the virus scanners at my office and then make opening an attachment under Microsoft products a firing offense. On first offense. And I'll provide the CLUE-BY-FOUR to bat the idiots out the door. Sigh... Obviously, I've had a bad day with the MicroSoft Morons and the Damn-Fool filters at the office today. Sorry for the tirade... Regards, Hans Mike -- Michael H. Warfield| (770) 985-6132 | [EMAIL PROTECTED] /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471| possible worlds. A pessimist is sure of it! __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Hi
Guys/Girls, Althoug I appreciate the efoort I will no longer stay on this list. For every virus that has been send to the list I see a number of responses to complaint about it. Wouldn't it be a good idea to enable a scanner on the mailserver? Or tell vendors who produce broken virus scanners that autorespond to mailing lists to fix their stupid products. Anyone who writes a tool that auto replies to email needs to follow these rules: No message should be sent unless a login (or an alias) is part of either the To: or Cc: headers of the mail. No messages from ???-REQUEST, Postmaster, ``UUCP'', MAILER, or MAILER-DAEMON should be replied to (where these strings are case insensitive) and a notification should not be sent if a Precedence: bulk, Precedence: list or Precedence: junk line is included in the mail headers. Grr. Anyway, I'll not continue to be a hypocrite by complaining about software that posts irrelevant messages to mailing lists by posting irrelevant messages to mailing lists :-). -- Dean Povey, |em: [EMAIL PROTECTED]| JCSI: Java security toolkit Senior S/W Developer |ph: +61 7 3864 5120| uPKI: Embedded/C PKI toolkit Wedgetail Communications |fax: +61 7 3864 1282| uASN.1: ASN.1 Compiler Brisbane, Australia |www: www.wedgetail.com | XML Security: XML Signatures __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Hi
How are you ? When I saw this screen saver, I immediately thought about you I am in a harry, I promise you will love it! attachment: gone.scr
Hi
Hi all Can anbody let me know about the patch of OCSP. Is there any new patch of OCSP after one for openssl-0.9.5a If it is there let me know in which version openssl can I use. Thanks Regards Manoj BEGIN:VCARD VERSION:2.1 N:Kumar;Manoj FN:Manoj Kumar ORG:TCS;E-Security TITLE:ASE(T) TEL;WORK;VOICE:2185281 250 ADR;WORK;ENCODING=QUOTED-PRINTABLE:;;11 th Floor =0D=0AMaker Tower=0D=0ACauffe Parade=0D=0AColaba;Mumbai;MH;400= 005;INDIA LABEL;WORK;ENCODING=QUOTED-PRINTABLE:11 th Floor =0D=0AMaker Tower=0D=0ACauffe Parade=0D=0AColaba=0D=0AMumbai, MH= 45=0D=0AINDIA X-WAB-GENDER:2 URL;WORK:http://www.tcs.com BDAY:20010527 KEY;X509;ENCODING=BASE64: MIIEhDCCA+2gAwIBAgIQPxIxhNBYkU7YGZGnx0D+xTANBgkqhkiG9w0BAQQFADCB1TEuMCwG A1UEChMlSGlUUlVTVC5DT00gKEhLKSBJbmNvcnBvcmF0ZWQgTGltaXRlZDEfMB0GA1UECxMW VmVyaVNpZ24gVHJ1c3QgTmV0d29yazE9MDsGA1UECxM0VGVybXMgb2YgdXNlIGF0IGh0dHBz Oi8vd3d3LmhpdHJ1c3QuY29tLmhrL3JwYSAoYykwMDFDMEEGA1UEAxM6SGlUUlVTVC5DT00g KEhLKSBDbGFzcyAxIENvbnN1bWVyIEluZGl2aWR1YWwgU3Vic2NyaWJlciBDQTAeFw0wMTA5 MTEwMDAwMDBaFw0wMTExMTAyMzU5NTlaMIIBbzEuMCwGA1UEChQlSGlUUlVTVC5DT00gKEhL KSBJbmNvcnBvcmF0ZWQgTGltaXRlZDExMC8GA1UECxQoQ2xhc3MxIENvbnN1bWVyIEluZGl2 aWR1YWwgU3Vic2NyaWJlciBDQTE1MDMGA1UECxMsVGVybXMgb2YgdXNlIGF0IHd3dy5oaXRy dXN0LmNvbS5oay9ycGEgKGMpMDAxKjAoBgNVBAsTIUF1dGhlbnRpY2F0ZWQgYnkgSGlUUlVT VC5DT00gKEhLKTEnMCUGA1UECxMeTWVtYmVyLCBWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMR4w HAYDVQQLExVQZXJzb25hIE5vdCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkRpZ2l0YWwgSUQgQ2xh c3MgMTEUMBIGA1UEAxMLbWFub2oga3VtYXIxKzApBgkqhkiG9w0BCQEWHG1hbm9qX2t1bWFy QG11bWJhaS50Y3MuY28uaW4wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtsGYfJHvoP9NDw+b DGJImAdMxdmm2zRwe5aRrXBKZoCUTx7xDKLWWN+ofq0cryAZeQQxxKY3SuTPQ8ph+Inv4QID AQABo4H7MIH4MAkGA1UdEwQCMAAwfgYDVR0fBHcwdTBzoHGgb4ZtaHR0cDovL29uc2l0ZWNy bC5oaXRydXN0LmNvbS5oay9IaVRSVVNUQ09NSEtJbmNvcnBvcmF0ZWRMaW1pdGVkQ2xhc3Mx Q29uc3VtZXJJbmRpdmlkdWFsU3Vic2NyaWJlckNBL0xhdGVzdENSTDBFBgNVHSAEPjA8MDoG CmCGSAGG+EUBBx4wLDAqBggrBgEFBQcCARYeaHR0cHM6Ly93d3cuaGl0cnVzdC5jb20uaGsv cnBhMBEGCWCGSAGG+EIBAQQEAwIHgDARBgpghkgBhvhFAQYJBAMBAf8wDQYJKoZIhvcNAQEE BQADgYEAIHyJHrKpQR6DatgysrWAEX/qWA+rATIyMLZi/sFC5yp0xh4f3ibjrjQxvoVNqG6j KH/E8iOiLC3C9b8qRHoV82QW98q8JchVrj+oPLyVEEL4eKTk/sCoCsxGgSWemgUc07rXbprW hDoSuEWmFno/R4NL05GZqM68DYmIWlI1Xq8= EMAIL;PREF;INTERNET:[EMAIL PROTECTED] REV:20011019T121323Z END:VCARD
Hi
Title: Hi Hi 2 all, I am a new subscriber to this mailing list. I just started my work on SSH i.e I am a novice to this field of encrytpion. I want to port PKCS#1 ver 1.5 for my SSH ver 1. In the open source from SSL it's PKCS ver 2 which I can't use. Can any one of you mail me a link for ver 1.5 PKCS#1 which I can port easily with out much hassle like extracting the info from ver 2, extracting the info from a big code with lot of dependencies. Regards Thanks Nanda Kishore \\ / _ _ \ (| (.)(.) |) +.oooO--()--Oooo.-+ HUAWEI Technologies India Pvt. Ltd. No. 23, 3rd Floor, Leela Galleria The Leela Palace, Airport Road, Bangalore INDIA - 560 008 Phone: (+91) 5216824/26/27 Extn - 452 5200322/23/24/25 .oooO ( ) Oooo. +--\ (( )+ \_) ) /
hi
hi... i would like to receive mailing list ... thanks...
hi there... help needed..
Hi, I installed openssl - 0.9.6 and I'm not getting how do I create a CA for myself. After complete compilation and all, I still do not have any directory like demoCA or usr. Please help me in this.. Thanks Aslam __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: hi there... help needed..
I think you can to use the CA.pl script to create your CA. CA.pl is found in the misc directory. command like "CA.pl -newca" will set up the CA and create the demoCA directory Patrick - Original Message - From: Aslam [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, March 01, 2001 7:45 AM Subject: hi there... help needed.. Hi, I installed openssl - 0.9.6 and I'm not getting how do I create a CA for myself. After complete compilation and all, I still do not have any directory like demoCA or usr. Please help me in this.. Thanks Aslam __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Hi P12
How to convert p12 format to pem format? -- Regards Scott 2 Tampines Central 6, #06-04 Tampines Point, Singapore 529483 Tel: +65 5882882 Fax: +65 5882662 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Hi P12
How to convert p12 format to pem format? % openssl pkcs12 -in p12file -out tempfile should do the trick. I found the following page a very useful reference for performing common S/MIME tasks: http://www.kfu.com/~nsayer/encryption/openssl.html Hope that helps. -hoeteck __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Hi, I'm beginner in Korea. Installation problem.....
In my way tar -xvzf openssl-0.9.5a.tar.gz tar -xvzf patch-2.5.tar.gz tar -xvzf apache_1.3.12.tar.Z tar -xvzf apache_1.3.12+ssl_1.41.tar.gz and In openssl-0.9.5a directory ./config make make test make install and In patch-2.5 directory ./configure make make install and cd /usr/local/src/apache_1.3.12 vi SSLpatch (I modify SSL_BASE and SSL_APP_DIR) patch -p1 SSLpatch cd src ./Configure cd .. ./configure --prefix=/usr/local/apache --enable-rule=SHARED_CORE --enable-module=so make and then error comes This is the last part of "make processing"gcc -I./os/unix -I./include -I/usr/local/src/openssl-0.9.5a/include -DLINUX=2 -DTARGET=\"httpsd\" -I/usr/local/src/php-4.0.1pl2 -I/usr/local/src/php-4.0.1pl2/main -I/usr/local/src/php-4.0.1pl2/main -I/usr/local/src/php-4.0.1pl2/Zend -I/usr/local/src/php-4.0.1pl2/Zend -I/usr/local/src/php-4.0.1pl2 -DUSE_EXPAT -I./lib/expat-lite -fpic -DSHARED_CORE -DAPACHE_SSL `./apaci` -rdynamic \ -o libhttpsd.ep -DSHARED_CORE_TIESTATIC main/http_main.c \ -L. -lhttpsd -Wl,-rpath,/usr/local/gd-1.8.3 -Wl,-rpath,/usr/local/lib -Wl,-rpath,/usr/local/imap/c-client -Wl,-rpath,/usr/local/mysql/lib/mysql -rdynamic -L/usr/local/gd-1.8.3 -L/usr/local/lib -L/usr/local/imap/c-client -L/usr/local/mysql/lib/mysql -Lmodules/php4 -L../modules/php4 -L../../modules/php4 -lmodphp4 -lgdbm -lpam -lc-client -ldl -lmysqlclient -lttf -lpng -lz -lgd -lresolv -lm -ldl -lcrypt -lnsl -lresolv -lm -lcrypt -ldl -L/usr/local/src/openssl-0.9.5a -lssl -lcrypto ./libhttpsd.so: undefined reference to `RAND_egd_bytes' collect2: ld returned 1 exit status make[2]: *** [libhttpsd.ep] Error 1 make[2]: Leaving directory `/usr/local/src/apache_1.3.12/src' make[1]: *** [build-std] Error 2 make[1]: Leaving directory `/usr/local/src/apache_1.3.12' make: *** [build] Error 2 how can I manage?
Re: Hi, I'm beginner in Korea. Installation problem.....
You are not finding your crypto or ssl libs. Use a -L/usr/local/ssl/lib or whatever that points directly to the location of the crytpo/ssl libs. You may have to add a -lgcc depending on your platform. ±èº´°ü wrote: In my way tar -xvzf openssl-0.9.5a.tar.gz tar -xvzf patch-2.5.tar.gz tar -xvzf apache_1.3.12.tar.Z tar -xvzf apache_1.3.12+ssl_1.41.tar.gz and In openssl-0.9.5a directory ./config make make test make install and In patch-2.5 directory ./configure make make install and cd /usr/local/src/apache_1.3.12 vi SSLpatch (I modify SSL_BASE and SSL_APP_DIR) patch -p1 SSLpatch cd src ./Configure cd .. ./configure --prefix=/usr/local/apache --enable-rule=SHARED_CORE --enable-module=so make and then error comes This is the last part of "make processing" gcc -I./os/unix -I./include -I/usr/local/src/openssl-0.9.5a/include -DLINUX=2 -DTARGET=\"httpsd\" -I/usr/local/src/php-4.0.1pl2 -I/usr/local/src/php-4.0.1pl2/main -I/usr/local/src/php-4.0.1pl2/main -I/usr/local/src/php-4.0.1pl2/Zend -I/usr/local/src/php-4.0.1pl2/Zend -I/usr/local/src/php-4.0.1pl2 -DUSE_EXPAT -I./lib/expat-lite -fpic -DSHARED_CORE -DAPACHE_SSL `./apaci` -rdynamic \ -o libhttpsd.ep -DSHARED_CORE_TIESTATIC main/http_main.c \ -L. -lhttpsd -Wl,-rpath,/usr/local/gd-1.8.3 -Wl,-rpath,/usr/local/lib -Wl,-rpath,/usr/local/imap/c-client -Wl,-rpath,/usr/local/mysql/lib/mysql -rdynamic -L/usr/local/gd-1.8.3 -L/usr/local/lib -L/usr/local/imap/c-client -L/usr/local/mysql/lib/mysql -Lmodules/php4 -L../modules/php4 -L../../modules/php4 -lmodphp4 -lgdbm -lpam -lc-client -ldl -lmysqlclient -lttf -lpng -lz -lgd -lresolv -lm -ldl -lcrypt -lnsl -lresolv -lm -lcrypt -ldl -L/usr/local/src/openssl-0.9.5a -lssl -lcrypto ./libhttpsd.so: undefined reference to `RAND_egd_bytes' collect2: ld returned 1 exit status make[2]: *** [libhttpsd.ep] Error 1 make[2]: Leaving directory `/usr/local/src/apache_1.3.12/src' make[1]: *** [build-std] Error 2 make[1]: Leaving directory `/usr/local/src/apache_1.3.12' make: *** [build] Error 2 how can I manage? -- Craig Shaver, Productivity Group POB 60458 Sunnyvale, CA 94088 (650)390-0654 http://www.progroup.com/ mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Hi, I'm beginner in Korea. Installation problem.....
Hi, Im'm beginner in France but I know read the readme ... ;) Check the file README.SSL, line 50: you must patch two include file from openssl (crypt/rand/rand.h and crypto/rand/rand_egd.c) with the file openssl-0.9.5a-egd.diff I file-attach this two patched files if you want. annyonghi kaseyo, Jacques ±èº´°ü wrote: In my waytar -xvzf openssl-0.9.5a.tar.gztar -xvzf patch-2.5.tar.gztar -xvzf apache_1.3.12.tar.Ztar -xvzf apache_1.3.12+ssl_1.41.tar.gzandIn openssl-0.9.5a directory./configmakemake testmake installandIn patch-2.5 directory./configuremakemake installandcd /usr/local/src/apache_1.3.12vi SSLpatch(I modify SSL_BASE and SSL_APP_DIR)patch -p1 SSLpatchcd src./Configurecd .../configure --prefix=/usr/local/apache --enable-rule=SHARED_CORE --enable-module=somakeand thenerror comesThis is the last part of "make processing" gcc -I./os/unix -I./include -I/usr/local/src/openssl-0.9.5a/include -DLINUX=2 -DTARGET=\"httpsd\" -I/usr/local/src/php-4.0.1pl2 -I/usr/local/src/php-4.0.1pl2/main -I/usr/local/src/php-4.0.1pl2/main -I/usr/local/src/php-4.0.1pl2/Zend -I/usr/local/src/php-4.0.1pl2/Zend -I/usr/local/src/php-4.0.1pl2 -DUSE_EXPAT -I./lib/expat-lite -fpic -DSHARED_CORE -DAPACHE_SSL `./apaci` -rdynamic \ -o libhttpsd.ep -DSHARED_CORE_TIESTATIC main/http_main.c \ -L. -lhttpsd -Wl,-rpath,/usr/local/gd-1.8.3 -Wl,-rpath,/usr/local/lib -Wl,-rpath,/usr/local/imap/c-client -Wl,-rpath,/usr/local/mysql/lib/mysql -rdynamic -L/usr/local/gd-1.8.3 -L/usr/local/lib -L/usr/local/imap/c-client -L/usr/local/mysql/lib/mysql -Lmodules/php4 -L../modules/php4 -L../../modules/php4 -lmodphp4 -lgdbm -lpam -lc-client -ldl -lmysqlclient -lttf -lpng -lz -lgd -lresolv -lm -ldl -lcrypt -lnsl -lresolv -lm -lcrypt -ldl -L/usr/local/src/openssl-0.9.5a -lssl -lcrypto ./libhttpsd.so: undefined reference to `RAND_egd_bytes' collect2: ld returned 1 exit status make[2]: *** [libhttpsd.ep] Error 1 make[2]: Leaving directory `/usr/local/src/apache_1.3.12/src' make[1]: *** [build-std] Error 2 make[1]: Leaving directory `/usr/local/src/apache_1.3.12' make: *** [build] Error 2 how can I manage? -- Professional homepage http://www.albert-inc.com "Hi, my name is Bill Gates and I sell Windows..." "Bonjour, je m'appelle Bill Portail et je vends des fenetres ..." "Buongiorno, mi chiamo Guglielmo Cancelli e vendo finestre ..." /* crypto/rand/rand.h */ /* Copyright (C) 1995-1998 Eric Young ([EMAIL PROTECTED]) * All rights reserved. * * This package is an SSL implementation written * by Eric Young ([EMAIL PROTECTED]). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson ([EMAIL PROTECTED]). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright *notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright *notice, this list of conditions and the following disclaimer in the *documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software *must display the following acknowledgement: *"This product includes cryptographic software written by * Eric Young ([EMAIL PROTECTED])" *The word 'cryptographic' can be left out if the rouines from the library *being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from *the apps directory (application code) you must include an acknowledgement: *"This product includes software written by Tim Hudson ([EMAIL PROTECTED])" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCURE
Re: hi i some problems
Rodrigo Velazquez schrieb: I am form Guadalajara mexico and i have some problems installing the openssl the problem that i have is i can not generate a certificate request. add "-config /where/sits/your/openssl.cnf" to your command. [root@xmedian ssl.key]# openssl req -new -key server.key server.csr Using configuration from /etc/ssleay.cnf Unable to load config info ^ Enter PEM pass phrase: unable to find 'distinguished_name' in config problems making Certificate Request this is what i get Thanks www.xmedian.com Rodrigo Velazquez Carmona [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- Holger Reif Tel.: +49 361 74707-0 SmartRing GmbH Fax.: +49 361 7470720 Europaplatz 5 [EMAIL PROTECTED] D-99091 ErfurtWWW.SmartRing.de __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Hi
Hi, I have installed openssl-0.9.3a version on HPUX 11.0 successfully. 1. First of all you need to have perl5 installed on your system. 2. Change the path name of all perl scripts in util/ directory to refer to /usr/local/bin/perl. 3. Choose hpux64 bit CC as the C compiler option , while running config. I think it should go well in all subsequent steps. Hope this helps Ramesh Krishnam Raju wrote: I have downloaded openssl-0.9.3a version and i could build the WINNT version with out any problem. However when i try to do a build for UNIX(HPUX11.0) i am encountering some problems. It needs a perl5 . i have run the config script with compiler option : gcc then i went on doing a make. The make is failing with an error: as: / var/tmp/cca27718.s", line 145:error 1052: Directive name not recognized-NSUBSPA can some one help me in this. thanks raju __ OpenSSL Projecthttp://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: hi
On Sun, Aug 08, 1999 at 02:35:38PM -0400, wabe wrote: How does one actually compile s_server and s_client? Basically, what I want to do is make a simple psuedo-icq using openSSL. But first I want to verify that I can make a client and server talk to each other. : I've done config, make install, etc. Nothing reported any errors. But I can't seem to do a make s_server without getting a ton of missing functions and variables s_server and s_client are automatically compiled. They are not separate programs -- just run "openssl s_server" (from within the apps directory, because otherwise s_server won't find its certificate and key) and "openssl s_client". __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]